OSzone.net Computer Forum (http://forum.oszone.net/index.php)
-   Cleaning systems of malware (http://forum.oszone.net/forumdisplay.php?f=87)
-   -   [solved] nod 32 enhanced mode (virus) (http://forum.oszone.net/showthread.php?t=210141)

Melkii_in 29-06-2011 19:53 1703803

nod 32 enhanced mode (virus)

Attachments: 2
  • info.txt (15.80 KB, downloads: 11)
  • log.txt (35.60 KB, downloads: 15)
Hello!
The situation is the same as that of user OkeWismut http://forum.oszone.net/thread-209251.html
It all started with a Flash update; then, after a reboot, the machine was in safe mode, after which the computer rebooted again, and after that I could not find the installed Kaspersky; in its place NOD32 appeared, running in enhanced mode.
I scanned the computer with CureIt, but still did not get rid of NOD.
I have prepared the logs; please help.

alex_sev 29-06-2011 21:06 1703848

Looking at the logs, I will reply soon.

alex_sev 29-06-2011 21:51 1703870

Run this script in AVZ (File - Execute script)

Code:

begin
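// Message text (Russian): "Attention! Before running the script, AVZ will automatically close all network connections. After the computer reboots, the network connections will be restored automatically."
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');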
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 TerminateProcessByName('c:\windows\update.5.0\svchost.exe');
 SetServiceStart('srvbtc1', 4);
 SetServiceStart('srvbtcclient', 4);
 StopService('srvbtc1');
 StopService('srvbtcclient');
 QuarantineFile('C:\WINDOWS\winlogin.exe','');
 QuarantineFile('services32.exe','');
 QuarantineFile('C:\WINDOWS\sysdriver32_.exe','');
 QuarantineFile('C:\WINDOWS\tasks\system.job','');
 QuarantineFile('C:\WINDOWS\sysdriver32.exe','');
 QuarantineFile('C:\WINDOWS\TEMP\9937383.exe','');
 QuarantineFile('C:\WINDOWS\TEMP\2955526.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\8602390.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\8519197.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\8240517.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\8064324.exe','');
 QuarantineFile('C:\WINDOWS\winlogin.exe','');
 QuarantineFile('C:\WINDOWS\taskmsgr.exe','');
 QuarantineFile('C:\WINDOWS\systemxp.exe','');
 QuarantineFile('C:\WINDOWS\winexp.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\7667377.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\6985877.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\6387535.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\6365733.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\621017.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\5983970.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\5776888.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\5338889.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\4839128.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\4579048.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\4398545.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\4331751.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\281428.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\174181.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\1245214.exe','');
 QuarantineFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\1021112.exe','');
 QuarantineFile('C:\WINDOWS\update.4.1\svchost.exe','');
 QuarantineFile('c:\windows\update.5.0\svchost.exe','');
 QuarantineFile('C:\WINDOWS\update.1\svchost.exe','');
 QuarantineFile('c:\windows\update.2\svchost.exe','');
 QuarantineFile('C:\WINDOWS\update.3\svchost.exe','');
 QuarantineFile('c:\windows\update.4\svchost.exe','');
 QuarantineFile('C:\WINDOWS\update.tray-2-0\svchost.exe','');
 QuarantineFile('C:\WINDOWS\unrar.exe','');
 QuarantineFile('C:\WINDOWS\myunrar2.exe','');
 QuarantineFile('C:\WINDOWS\namecoind.exe','');
 QuarantineFile('C:\WINDOWS\libeay32.dll','');
 QuarantineFile('C:\WINDOWS\miner2.exe','');
 QuarantineFile('C:\WINDOWS\loader2.exe_ok','');
 QuarantineFile('C:\WINDOWS\bitcoind.exe','');
 DeleteFile('C:\WINDOWS\update.tray-2-0\svchost.exe');
 DeleteFile('C:\WINDOWS\winlogin.exe');
 DeleteFile('C:\WINDOWS\tasks\system.job');
 DeleteFile('C:\WINDOWS\update.5.0\svchost.exe');
 DeleteFile('C:\WINDOWS\update.4.1\svchost.exe');
 DeleteFile('C:\WINDOWS\update.1\svchost.exe');
 DeleteFile('C:\WINDOWS\update.2\svchost.exe');
 DeleteFile('C:\WINDOWS\update.3\svchost.exe');
 DeleteFile('C:\WINDOWS\update.4\svchost.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\1021112.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\1245214.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\174181.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\281428.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\4331751.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\4398545.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\4579048.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\4839128.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\5338889.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\5776888.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\5983970.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\621017.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\6365733.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\6387535.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\6985877.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\7667377.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\8064324.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\8240517.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\8519197.exe');
 DeleteFile('C:\DOCUME~1\559D~1\LOCALS~1\Temp\8602390.exe');
 DeleteFile('C:\WINDOWS\TEMP\2955526.exe');
 DeleteFile('C:\WINDOWS\TEMP\9937383.exe');
 DeleteFile('C:\WINDOWS\sysdriver32.exe');
 DeleteFile('C:\WINDOWS\sysdriver32_.exe');
 DeleteFile('services32.exe');
 DeleteFile('C:\WINDOWS\btc_client_iplist.txt');
 DeleteFile('C:\WINDOWS\btc_iplist.txt');
 DeleteFile('C:\WINDOWS\w_distrib_iplist.txt');
 DeleteFile('C:\WINDOWS\iecheck_iplist.txt');
 DeleteFile('C:\WINDOWS\ddh_iplist.txt');
 DeleteFile('C:\WINDOWS\iplist.txt');
 DeleteFile('C:\WINDOWS\front_ip_list.txt');
 DeleteFile('C:\WINDOWS\av_ico');
 DeleteFile('C:\WINDOWS\winlog-ids.txt');
 DeleteFile('C:\WINDOWS\winlog-dirs.txt');
 DeleteFile('C:\WINDOWS\unrar.exe');
 DeleteFile('C:\WINDOWS\myunrar2.exe');
 DeleteFile('C:\WINDOWS\namecoind.exe');
 DeleteFile('C:\WINDOWS\libeay32.dll');
 DeleteFile('C:\WINDOWS\miner2.exe');
 DeleteFile('C:\WINDOWS\loader2.exe_ok');
 DeleteFile('C:\WINDOWS\bitcoind.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','tray_ico');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','tray_ico1');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','tray_ico2');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','tray_ico3');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','tray_ico4');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1021112.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1245214.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','174181.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','281428.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','4331751.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','4398545.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','4579048.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','4839128.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5338889.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5776888.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5983970.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','621017.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','6365733.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','6387535.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','6985877.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','7667377.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','8064324.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','8240517.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','8519197.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','8602390.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','2955526.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','9937383.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sysdriver32.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sysdriver32_.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','System\CurrentControlSet\Control\SafeBoot','AlternateShell');
 RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers');
 RegKeyDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers');
 RegKeyStrParamWrite('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon','UserInit', 'C:\WINDOWS\system32\userinit.exe,');
 DeleteFileMask('C:\WINDOWS\rpcminer', '*.*', true);
 DeleteFileMask('C:\WINDOWS\update.5.0\', '*.*', true);
 DeleteFileMask('C:\WINDOWS\update.5.0\', '*.*', true);
 DeleteFileMask('C:\WINDOWS\update.1\', '*.*', true);
 DeleteFileMask('C:\WINDOWS\update.2\', '*.*', true);
 DeleteFileMask('C:\WINDOWS\update.3\', '*.*', true);
 DeleteFileMask('C:\WINDOWS\update.4\', '*.*', true);
 DeleteFileMask('C:\WINDOWS\update.tray-2-0-lnk', '*.*', true);
 DeleteFileMask('C:\WINDOWS\update.tray-2-0', '*.*', true);
 DeleteFileMask('C:\DOCUME~1\559D~1\LOCALS~1\Temp\', '*.*', true);
 DeleteFileMask('C:\WINDOWS\TEMP\', '*.*', true);
 DeleteDirectory('C:\WINDOWS\rpcminer');
 DeleteDirectory('c:\windows\update.1');
 DeleteDirectory('c:\windows\update.2');
 DeleteDirectory('c:\windows\update.3');
 DeleteDirectory('c:\windows\update.4');
 DeleteDirectory('c:\windows\update.4.1');
 DeleteDirectory('c:\windows\update.5.0');
 DeleteDirectory('C:\WINDOWS\update.tray-2-0-lnk');
 DeleteDirectory('C:\WINDOWS\update.tray-2-0');
 DeleteService('srvbtc1');
 DeleteService('srvbtcclient');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteFile('Netsh', 'firewall reset', 0, 10000, true);
RebootWindows(true);
end.

The computer will reboot. After the reboot:
- run this script

Code:

begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.

Send the resulting archive using this form http://www.oszone.net/virusnet/, giving a link to the thread in the subject (title) of the message and the password: virus in the body of the message.

Fix these in HJT (help):

Code:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [281428.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\281428.exe"
O4 - HKLM\..\Run: [8519197.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\8519197.exe"
O4 - HKLM\..\Run: [8064324.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\8064324.exe"
O4 - HKLM\..\Run: [5776888.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\5776888.exe"
O4 - HKLM\..\Run: [5983970.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\5983970.exe"
O4 - HKLM\..\Run: [5338889.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\5338889.exe"
O4 - HKLM\..\Run: [6365733.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\6365733.exe"
O4 - HKLM\..\Run: [1021112.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\1021112.exe"
O4 - HKLM\..\Run: [4579048.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\4579048.exe"
O4 - HKLM\..\Run: [6985877.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\6985877.exe"
O4 - HKLM\..\Run: [6387535.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\6387535.exe"
O4 - HKLM\..\Run: [1245214.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\1245214.exe"
O4 - HKLM\..\Run: [4398545.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\4398545.exe"
O4 - HKLM\..\Run: [621017.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\621017.exe"
O4 - HKLM\..\Run: [8240517.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\8240517.exe"
O4 - HKLM\..\Run: [8602390.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\8602390.exe"
O4 - HKLM\..\Run: [174181.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\174181.exe"
O4 - HKLM\..\Run: [4839128.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\4839128.exe"
O4 - HKLM\..\Run: [9937383.exe] "C:\WINDOWS\TEMP\9937383.exe"
O4 - HKLM\..\Run: [7667377.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\7667377.exe"
O4 - HKLM\..\Run: [2955526.exe] "C:\WINDOWS\TEMP\2955526.exe"
O4 - HKLM\..\Run: [4331751.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\4331751.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv

Redo the AVZ and RSIT logs

Download Malwarebytes' Anti-Malware or get it from the mirror, install it, update the databases, select "Perform Full Scan", click "Scan", and after the scan - Ok - Show Results - open the log, copy it into Notepad and attach it to your next post.
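
A triage pass over the HijackThis lines listed in the post above, as an added example that is not part of the original thread and is not AVZ or HijackThis code. The three heuristics (autostart from a Temp directory, all-digit file name, Run value name equal to the file name) and the `ExampleUpdater` entry are assumptions chosen to match the entries in this thread; the expected UserInit value is the one the AVZ script above writes.

```python
import ntpath
import re

# Constructed sample: the F2 line and three O4 lines are copied from the list
# above; the ExampleUpdater entry is invented here as a benign contrast.
SAMPLE_LOG = r'''
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [281428.exe] "C:\DOCUME~1\559D~1\LOCALS~1\Temp\281428.exe"
O4 - HKLM\..\Run: [9937383.exe] "C:\WINDOWS\TEMP\9937383.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /quiet
'''

# The UserInit value that the AVZ script above writes back (note the comma).
EXPECTED_USERINIT = r'C:\WINDOWS\system32\userinit.exe,'

F2_RE = re.compile(r'^F2 - REG:system\.ini: UserInit=(.*)$')
# O4 line: registry key, [value name], quoted or bare path, optional arguments.
O4_RE = re.compile(r'^O4 - (\S+): \[([^\]]+)\] (?:"([^"]+)"|(\S+))(?:\s+(.*))?$')


def triage(log_text):
    """Return (line, reasons) pairs for entries that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        f2 = F2_RE.match(line)
        if f2 and f2.group(1).strip().lower() != EXPECTED_USERINIT.lower():
            reasons.append('UserInit differs from the expected value')
        o4 = O4_RE.match(line)
        if o4:
            value_name = o4.group(2)
            path = o4.group(3) or o4.group(4)
            file_name = ntpath.basename(path)
            folder = ntpath.basename(ntpath.dirname(path)).lower()
            if folder == 'temp':
                reasons.append('autostart from a Temp directory')
            if ntpath.splitext(file_name)[0].isdigit():
                reasons.append('all-digit file name')
            if value_name.lower() == file_name.lower():
                reasons.append('value name equals file name')
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == '__main__':
    for entry, why in triage(SAMPLE_LOG):
        print(entry, '->', '; '.join(why))
```

The flags only rank entries for review; a hit is a reason to inspect the file, not proof that it is malicious.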

Melkii_in 30-06-2011 14:13 1704292

Attachments: 3
I did everything. Should I delete the infected objects in MBAM?

alex_sev 30-06-2011 14:25 1704305

Delete these in MBAM; I will look through the remaining logs now:
Code:

HKEY_CURRENT_USER\SOFTWARE\Vkontakte (Trojan.Fkantakte) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\greenfields.scr (Malware.Packer.Gen) -> No action taken.
c:\documents and settings\Admin\local settings\Temp\cf06674c-eda6-48df-b12c-f810984acf54.exe (Trojan.KillFiles) -> No action taken.


Melkii_in 30-06-2011 14:34 1704318

I looked at a similar thread on the forum and decided to delete everything that was infected in MBAM, although something there got moved to quarantine.

alex_sev 30-06-2011 14:38 1704321

Let's clean up the traces:

Run this script in AVZ (File - Execute script)

Code:

begin
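// Message text (Russian): "Attention! Before running the script, AVZ will automatically close all network connections. After the computer reboots, the network connections will be restored automatically."
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.'+#13#10+'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');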
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 DeleteFileMask('C:\Documents and Settings\Admin\Local Settings\Temp\', '*.*', true);
 DeleteFileMask('C:\WINDOWS\rpcminer', '*.*', true);
 DeleteFileMask('C:\WINDOWS\update.4.1', '*.*', true);
 DeleteFileMask('C:\WINDOWS\av_ico.bak', '*.*', true);
 DeleteDirectory('C:\WINDOWS\rpcminer');
 DeleteDirectory('C:\WINDOWS\update.4.1');
 DeleteDirectory('C:\WINDOWS\av_ico.bak');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

What about the problems?

Quote:

Quote from Melkii_in
I looked at a similar thread on the forum and decided to delete everything that was infected in MBAM, although something there got moved to quarantine. »

The rest we would have finished deleting later, by clearing the restore points; as it is, you have made them unusable.

Melkii_in 30-06-2011 14:50 1704329

Well, the NOD32 icon disappeared right away, but the CPU kept running at 100% load. Right now there is no such CPU load. I cannot say anything about Kaspersky, since I removed it myself. I ran the script. Can't they be restored from quarantine and the restore points cleared afterwards?

alex_sev 30-06-2011 15:05 1704345

Then it is clean; follow these recommendations:

Attention! Change all your passwords: ICQ, VKontakte, e-mail, etc.

Copy the following code into Notepad, save it as Reg.reg and run it with a double click

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

Uninstall Ask Toolbar

You need to clear the previously created restore point and create a new one:
1. Click Start - Programs - Accessories - System Tools - Disk Cleanup, select the system drive, and on the More Options tab, under System Restore, click Clean up
2. Click Start - Programs - Accessories - System Tools - System Restore, select Create a restore point, click Next, enter a name for the restore point and click Create.

To prevent infection it is recommended:
- not to work on the computer with administrator rights
- not to use Internet Explorer, or to disable ActiveX in it and configure its security settings (Firefox with the NoScript plugin is recommended)
- to regularly install updates for Windows and for the antivirus product (update the antivirus databases and modules)
- update Adobe Flash Player to the latest version
- update Adobe Reader to the latest version
- update Opera to the latest version

Melkii_in 01-07-2011 14:54 1705152

Thank you for your help!

alex_sev 01-07-2011 14:58 1705163

Wishing you a clean Internet


Time: 17:59.
